Half time seminar - Lovisa Eriksson: "Machine Learning Under Unreliable Inputs: Detection, Mitigation, and Trade-offs"

Date
12 June 2026, 10:15–11:30
Location
Ångströmlaboratoriet, room 101127
Type
Seminar
Speaker
Lovisa Eriksson
Organiser
SysCon
Contact person
Thomas Schön

Discussion leader: Ayca Özcelikkale, Department of Electrical Engineering

Abstract:
Decisions in society are increasingly made by automated systems, from cruise control systems to policing and decisions on loan and job applications. These decisions affect the lives of millions of people, and it is therefore important that the systems used are reliable. Through non-verified sensors and inputs, the data fed to the models can be manipulated, and the decisions made are thus susceptible to malicious attacks. My research concerns how these attacks can be detected, how related risks can be weighted during training, and how systems can be made more trustworthy through such practices. The presentation covers two papers and one extended abstract.

The first paper [1] concerns false data injection attacks. Previous work assumes restrictions on the perturbation, but does not provide ways to enforce or verify the assumptions. We propose a model with an integrated detector, such that a secure model is applied to the data when an anomaly is detected. We prove that by properly handling detected anomalies through model switching, the attacker is implicitly forced to be stealthy. The model scheme is formalised, some connections with missing features and regularisation are discussed, and convex formulations and numerical results are presented for linear models.

The second paper [2] concerns delay injection attacks, with simulations made on a cruise control example. An unknown delay on the sensor measurements is injected into the feedback path of the system at an unknown time point. We propose a variation of Interacting Multiple Model (IMM) filtering to detect such attacks in real time through parallel and sequential application of Kalman filters, treating delays as hidden modes of the system. We provide theoretical insights on how parameters can be set, and show great improvements in average detection delay compared to previous works.

Finally, I will briefly present an extended abstract [3] about inherent challenges of ethical AI, and discuss some future directions of my work.

[1] Adversarial Training of Linear Models under Stealthy Attacks, Lovisa Eriksson, André M. H. Teixeira, and Dave Zachariah, To be submitted to IEEE Signal Processing Letters

[2] Detecting Feedback-path Delay Injection Attacks Using Interacting Multiple Model Filtering, Lovisa Eriksson, Torbjorn Wigren, Dave Zachariah, and André M. H. Teixeira, accepted to the European Control Conference (ECC) 2026

[3] On the impossibility of universally ethical AI, Lovisa Eriksson, European Conference on Ethics and Integrity in Academia 2025, book of abstracts pp. 78-79
